Publish Advisories

advisory-database[bot] · advisory-database[bot] · commit fc23ea19c82f · 2025-10-24T19:35:06.000Z
GHSA-9wmf-xf3h-r8pr GHSA-v56r-hwv5-mxg6
diff --git a/advisories/github-reviewed/2024/04/GHSA-9wmf-xf3h-r8pr/GHSA-9wmf-xf3h-r8pr.json b/advisories/github-reviewed/2024/04/GHSA-9wmf-xf3h-r8pr/GHSA-9wmf-xf3h-r8pr.json
@@ -1,7 +1,7 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-9wmf-xf3h-r8pr",
-  "modified": "2024-10-16T17:06:11Z",
+  "modified": "2025-10-24T19:33:18Z",
   "published": "2024-04-25T18:30:39Z",
   "aliases": [
     "CVE-2024-1102"
@@ -48,6 +48,10 @@
       "type": "WEB",
       "url": "https://github.com/jberet/jsr352/commit/eeef999663d7da0e372aeeeac26ecf7201a3121d"
     },
+    {
+      "type": "WEB",
+      "url": "https://access.redhat.com/errata/RHSA-2024:1677"
+    },
     {
       "type": "WEB",
       "url": "https://access.redhat.com/errata/RHSA-2024:3580"
diff --git a/advisories/github-reviewed/2025/03/GHSA-v56r-hwv5-mxg6/GHSA-v56r-hwv5-mxg6.json b/advisories/github-reviewed/2025/03/GHSA-v56r-hwv5-mxg6/GHSA-v56r-hwv5-mxg6.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-v56r-hwv5-mxg6",
-  "modified": "2025-03-27T18:02:14Z",
+  "modified": "2025-10-24T19:32:06Z",
   "published": "2025-03-27T18:02:14Z",
   "aliases": [
     "CVE-2025-30355"
   ],
   "summary": "Synapse vulnerable to federation denial of service via malformed events",
-  "details": "### Impact\nA malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild.\n\n### Patches\nFixed in Synapse v1.127.1.\n\n### Workarounds\nClosed federation environments of trusted servers or non-federating installations are not affected.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please email us at [security at element.io](mailto:security@element.io).",
+  "details": "### Impact\nA malicious server can craft events with a `depth` outside the integer range allowed by Canonical JSON. When such an event is received by Synapse version up to 1.127.0, it prevents it from federating with other servers. The vulnerability has been exploited in the wild.\n\n### Patches\nFixed in Synapse v1.127.1.\n\n### Workarounds\nClosed federation environments of trusted servers or non-federating installations are not affected.\n\n### For more information\n\nIf you have any questions or comments about this advisory, please email us at [security at element.io](mailto:security@element.io).",
   "severity": [
     {
       "type": "CVSS_V3",
